This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote TLS server negotiates a weaker signature algorithm.
PolarSSL 1.3.8 does not properly negotiate the signature algorithm to
use, allowing remote attackers to conduct downgrade attacks.
This plugin sends a list of hash algorithms (SHA512, SHA384, SHA256,
SHA224, SHA1, and MD5) in descending order, and checks if the server
See also :
Use a PolarSSL version other than 1.3.8.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true